@adastracomputing/ink 0.1.0-alpha.3 → 0.1.1

package/dist/models/key-entry.d.ts

@@ -0,0 +1,60 @@
+import { z } from "zod";
+export declare const KeyStatusSchema: z.ZodEnum<{
+    active: "active";
+    retired: "retired";
+    revoked: "revoked";
+}>;
+export type KeyStatus = z.infer<typeof KeyStatusSchema>;
+export declare const KeyRoleSchema: z.ZodEnum<{
+    signing: "signing";
+    encryption: "encryption";
+}>;
+export type KeyRole = z.infer<typeof KeyRoleSchema>;
+export declare const KeyEntrySchema: z.ZodObject<{
+    keyId: z.ZodString;
+    algorithm: z.ZodEnum<{
+        Ed25519: "Ed25519";
+        X25519: "X25519";
+    }>;
+    publicKeyMultibase: z.ZodString;
+    status: z.ZodEnum<{
+        active: "active";
+        retired: "retired";
+        revoked: "revoked";
+    }>;
+    validFrom: z.ZodString;
+    validUntil: z.ZodOptional<z.ZodString>;
+    revokedAt: z.ZodOptional<z.ZodString>;
+    revokeReason: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type KeyEntry = z.infer<typeof KeyEntrySchema>;
+export interface CandidateKey {
+    keyId: string;
+    publicKey: Uint8Array;
+    status: KeyStatus;
+    /** ISO 8601 timestamp the key becomes usable. Verifier rejects messages
+     * whose `body.timestamp` falls outside [validFrom, validUntil]. Optional
+     * for backward compat with legacy callers that don't track windows. */
+    validFrom?: string;
+    /** ISO 8601 timestamp the key stops being usable. Typically set when a
+     * key transitions to `retired`. A retired key with no validUntil keeps
+     * verifying indefinitely (legacy behavior); set validUntil to bound it. */
+    validUntil?: string;
+    /** ISO 8601 timestamp the key was revoked. Defensive: status === "revoked"
+     * already blocks verification; this field documents the moment. */
+    revokedAt?: string;
+}
+export interface StoredKey {
+    keyId: string;
+    agentId: string;
+    role: KeyRole;
+    algorithm: string;
+    publicKeyMultibase: string;
+    privateKey: Uint8Array | null;
+    status: KeyStatus;
+    validFrom: string;
+    validUntil: string | null;
+    revokedAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+}

package/dist/models/key-entry.js

@@ -0,0 +1,13 @@
+import { z } from "zod";
+export const KeyStatusSchema = z.enum(["active", "retired", "revoked"]);
+export const KeyRoleSchema = z.enum(["signing", "encryption"]);
+export const KeyEntrySchema = z.object({
+    keyId: z.string().min(1),
+    algorithm: z.enum(["Ed25519", "X25519"]),
+    publicKeyMultibase: z.string().startsWith("z"),
+    status: KeyStatusSchema,
+    validFrom: z.string().datetime(),
+    validUntil: z.string().datetime().optional(),
+    revokedAt: z.string().datetime().optional(),
+    revokeReason: z.string().optional(),
+});

package/dist/models/profile.d.ts

@@ -0,0 +1,61 @@
+import { z } from "zod";
+export declare const AvailabilityConfigSchema: z.ZodObject<{
+    timezone: z.ZodString;
+    meetingHours: z.ZodOptional<z.ZodString>;
+    responseSla: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const ProfileSnapshotSchema: z.ZodObject<{
+    headline: z.ZodString;
+    skills: z.ZodArray<z.ZodString>;
+    interests: z.ZodArray<z.ZodString>;
+    availability: z.ZodOptional<z.ZodObject<{
+        timezone: z.ZodString;
+        meetingHours: z.ZodOptional<z.ZodString>;
+        responseSla: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    openTo: z.ZodArray<z.ZodString>;
+}, z.core.$strip>;
+export declare const ProfileSchema: z.ZodObject<{
+    agentId: z.ZodString;
+    handle: z.ZodString;
+    displayName: z.ZodString;
+    bio: z.ZodString;
+    snapshots: z.ZodObject<{
+        public: z.ZodObject<{
+            headline: z.ZodString;
+            skills: z.ZodArray<z.ZodString>;
+            interests: z.ZodArray<z.ZodString>;
+            availability: z.ZodOptional<z.ZodObject<{
+                timezone: z.ZodString;
+                meetingHours: z.ZodOptional<z.ZodString>;
+                responseSla: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            openTo: z.ZodArray<z.ZodString>;
+        }, z.core.$strip>;
+        connected: z.ZodObject<{
+            headline: z.ZodString;
+            skills: z.ZodArray<z.ZodString>;
+            interests: z.ZodArray<z.ZodString>;
+            availability: z.ZodOptional<z.ZodObject<{
+                timezone: z.ZodString;
+                meetingHours: z.ZodOptional<z.ZodString>;
+                responseSla: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            openTo: z.ZodArray<z.ZodString>;
+        }, z.core.$strip>;
+        custom: z.ZodRecord<z.ZodString, z.ZodObject<{
+            headline: z.ZodString;
+            skills: z.ZodArray<z.ZodString>;
+            interests: z.ZodArray<z.ZodString>;
+            availability: z.ZodOptional<z.ZodObject<{
+                timezone: z.ZodString;
+                meetingHours: z.ZodOptional<z.ZodString>;
+                responseSla: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            openTo: z.ZodArray<z.ZodString>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type AvailabilityConfig = z.infer<typeof AvailabilityConfigSchema>;
+export type ProfileSnapshot = z.infer<typeof ProfileSnapshotSchema>;
+export type Profile = z.infer<typeof ProfileSchema>;

package/dist/models/profile.js

@@ -0,0 +1,24 @@
+import { z } from "zod";
+export const AvailabilityConfigSchema = z.object({
+    timezone: z.string(),
+    meetingHours: z.string().optional(),
+    responseSla: z.string().optional(),
+});
+export const ProfileSnapshotSchema = z.object({
+    headline: z.string().max(500),
+    skills: z.array(z.string().max(100)).max(50),
+    interests: z.array(z.string().max(100)).max(50),
+    availability: AvailabilityConfigSchema.optional(),
+    openTo: z.array(z.string().max(100)).max(20),
+});
+export const ProfileSchema = z.object({
+    agentId: z.string(),
+    handle: z.string(),
+    displayName: z.string().max(200),
+    bio: z.string().max(2000),
+    snapshots: z.object({
+        public: ProfileSnapshotSchema,
+        connected: ProfileSnapshotSchema,
+        custom: z.record(z.string(), ProfileSnapshotSchema),
+    }),
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adastracomputing/ink",
-  "version": "0.1.0-alpha.3",
+  "version": "0.1.1",
   "description": "Library and specification for the INK (Inter-agent Networking Kernel) protocol",
   "license": "MIT OR Apache-2.0",
   "author": "Ad Astra Computing Inc.",
@@ -13,24 +13,24 @@
     "url": "https://github.com/Ad-Astra-Computing/ink/issues"
   },
   "type": "module",
-  "main": "./src/index.ts",
-  "types": "./src/index.ts",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "types": "./src/index.ts",
-      "default": "./src/index.ts"
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
     },
     "./package.json": "./package.json"
   },
   "sideEffects": false,
   "engines": {
-    "node": ">=22"
+    "node": ">=24"
   },
   "bin": {
     "ink": "./bin/ink.mjs"
   },
   "files": [
-    "src/",
+    "dist/",
     "bin/",
     "specs/",
     "docs/",
@@ -43,21 +43,25 @@
     "CODE_OF_CONDUCT.md"
   ],
   "scripts": {
+    "build": "rm -rf dist && tsc -p tsconfig.build.json",
     "test": "vitest run",
     "typecheck": "tsc --noEmit",
     "lint": "eslint src/ test/ scripts/",
-    "check:surface": "tsx scripts/check-public-surface.ts"
+    "check:surface": "tsx scripts/check-public-surface.ts",
+    "check:pack": "./scripts/check-pack.sh",
+    "prepack": "npm run build",
+    "prepublishOnly": "npm run build"
   },
   "dependencies": {
     "@noble/curves": "^2.2.0",
     "@noble/ed25519": "^3.1.0",
-    "@noble/hashes": "^1.8.0",
+    "@noble/hashes": "^2.2.0",
     "canonicalize": "^2.1.0",
-    "zod": "^3.23.0"
+    "zod": "^4.4.3"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20260418.1",
-    "@types/node": "^22.0.0",
+    "@types/node": "^24.12.4",
     "@typescript-eslint/eslint-plugin": "^8.60.0",
     "@typescript-eslint/parser": "^8.60.0",
     "eslint": "^10.4.0",

package/specs/ink-auditability.md

@@ -425,7 +425,7 @@ A third-party audit service is a **INK service role**, not a standard INK agent.
 | Concern | INK Agent | Audit Service |
 |---------|-----------|--------------|
 | Identity | DID bound to a human via `agentLink` | `did:web` or `did:key`, self-sovereign, no human owner |
-| Discovery | `TulpaAgentEndpoint` in DID document | Advertised in subscribing agents' Agent Card `capabilities.thirdPartyAudit.services` |
+| Discovery | `INKAgentEndpoint` in DID document (legacy `TulpaAgentEndpoint` also accepted during v0.1.x) | Advertised in subscribing agents' Agent Card `capabilities.thirdPartyAudit.services` |
 | Auth (inbound) | INK auth §3.3, verifies sender's `agentLink` delegation | INK auth §3.3, verifies sender's `agentLink` delegation (same as any INK endpoint) |
 | Auth (outbound) | Signs with `agentLink.signingKeyMultibase` | Signs with its own Ed25519 key (published in subscribing agents' Agent Card) |
 | Delegation proof | Required, must trace authority back to a human DID | Not applicable, the service is independently trusted by each subscribing agent |
@@ -436,7 +436,7 @@ A third-party audit service is a **INK service role**, not a standard INK agent.
 
 2. **Inbound auth is standard INK.** When agents submit events TO the service, the service verifies the submitter's identity via standard INK auth (§3.3), resolve the sender's DID, find their `agentLink`, verify the signature. The service is a normal INK recipient in this direction.
 
-3. **Service DID resolution.** The service's `did:web` (or `did:key`) is resolved normally for TLS binding and key discovery, but the service does NOT need a `TulpaAgentEndpoint` service entry in its DID document. Its endpoint is provided directly in the subscribing agent's Agent Card configuration.
+3. **Service DID resolution.** The service's `did:web` (or `did:key`) is resolved normally for TLS binding and key discovery, but the service does NOT need an `INKAgentEndpoint` service entry in its DID document. Its endpoint is provided directly in the subscribing agent's Agent Card configuration.
 
 4. **No inbox, no intents.** The audit service does not accept INK intents, challenges or resolutions. It exposes only the audit-specific endpoints (`/ink/v1/audit/submit`, `/ink/v1/audit/query`).
 

package/specs/ink-containment-phase1-implementation-spec.md

@@ -182,7 +182,7 @@ When visibility is `capability_gated`, unauthenticated requests to the Agent Car
 
 ```typescript
 interface RedactedAgentCard {
-  type: "tulpa.agent.card";
+  type: "ink.agent.card";  // legacy "tulpa.agent.card" MUST also be accepted during v0.1.x
   version: "1.0";
   agentId: string;
   displayName?: string;